Advances in multimedia, communication and networking technologies have dramatically increased the use of electronic commerce. In particular, businesses have developed web sites that provide an electronic storefront to encourage customers to view their merchandise from remote locations and to purchase their merchandise. Consumers use various types of devices to access the Internet such as computers, personal digital assistants, web-enabled cellular phones or other Internet-enabled devices.
Advantages of electronic storefronts include reduced overhead costs due to the lack of investment in brick and mortar. Electronic commerce also provides businesses with significant gains in efficiency through better management of inventory. In other words, the volume and number of transaction increases, which makes inventory management easier than brick and mortar facilities having lower volume. In addition, customers can access the electronic storefront from any location in the world that provides access to the Internet. Electronic commerce also has the capability of reaching a wider audience than individual brick and mortar storefronts with relatively low initial capital costs.
One obstacle that may slow the growth of electronic commerce is the inadequacy of security that is currently provided by the Internet. Many businesses have delayed moving towards the electronic commerce business model due to their concerns relating to network security, application security, and system security. Consumers have also been wary of transmitting their credit card information or other forms of payment over the Internet. The security concerns of businesses and consumers have slowed the growth of electronic commerce.
Credit card transactions involve several different parties: the buyer or credit card holder, the seller or merchant, the merchant's bank, the credit card issuing bank, and the credit card network. The merchant submits the credit card transactions to the credit card network. The credit card network processes the merchant's credit card transactions through the financial network on behalf of the merchant bank.
Security risks to electronic credit card systems arise in the consumer or merchant domains and in the financial institution domain. In addition, there are also network security risks. Attacks on the security of electronic credit card transaction systems will be attempted for financial gain. Specific attacks include attempts to duplicate or steal genuine purchase orders or credit card information, creating fraudulent purchase orders or credit card information, and/or altering data that is stored in records or sent in messages that are transmitted between devices. For example, the amount of money the buyer should pay can be altered. The recipient of the electronic payment (the merchant) may also be fraudulently modified. Traditional electronic credit card transactions systems mainly focus on protecting the customer and the banks from bad merchants or third party thefts. These transaction systems do not protect merchants from bad customers.
Therefore, to reduce the security risks, an electronic commerce transaction system must provide adequate security to all of the parties involved in the electronic commerce transactions.